CVE-2012-3408 (retired)

Priority
Description
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet
Enterprise before 2.5.2, supports use of IP addresses in certnames without
warning of potential risks, which might allow remote attackers to spoof an
agent by acquiring a previously used IP address.
Notes
mdeslaurThis would break existing installations. This will be fixed
in upstream 3.0. For 2.7, USN-1506-1 added a deprecation
warning.
Since this change would break existing installations, we will
not fix this in Ubuntu.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored
More Information

Updated: 2019-10-09 07:42:51 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)